8 Minute Read
September 28, 2023
Recent reports have shown that the construction industry is among the most targeted for ransomware attacks. In fact, contractors of all types and sizes are among the leading businesses impacted by targeted data and cybersecurity threats like phishing scams, malware, wire and electronic fraud, and more. Given that the average cost of a data breach in the United States is around $9 million, doing business without the proper technology and data protections in place can be a risky venture.
Although large companies that generate more revenue tend to attract more hackers, small companies are also appealing to hackers because they usually do not have the most modern technologies or robust construction cybersecurity protocols in place. Recent work on cybersecurity impacts on contractors shows that while the industry once enjoyed relatively few attacks, this is no longer the case—and it's likely to continue to get worse.
E.R. Snell Contractor, Inc. is a premier contractor for road and bridge construction, with a focus on concrete and asphalt construction of roads, bridges, and culverts. In 2020, before moving to the cloud, it was the target of a ransomware attack.
E.R. Snell’s vice president of technology, Justin Snell, recently spoke with Trimble Viewpoint to share the company’s story about the attack for the benefit of other contractors, and the changes made to protect against cyber risks. Here is a segment of that discussion:
Snell: During the Labor Day weekend, we started receiving alerts that our antivirus software had been disabled so we immediately went into the office to determine what was going on. Upon closer inspection, we realized that all of our files were being encrypted and our servers had been hacked. The next morning, I was on the phone with the FBI to report the incident.
At the time of the attack, only 10% of our data was hosted in the cloud with the majority of data hosted on-premise. Luckily, both our cloud and on-prem servers were backed up daily so that we could access our data in case of an emergency. However, the hackers had deleted almost all of the cloud backups, likely to provide even more leverage for us to pay the ransom.
The hackers got in via an employee’s email account and had placed a key-logger on the on-prem mail server to gain administrative access. Through the chat service, they then demanded a ransomware payment through bitcoin.
Snell: In the first 24 hours we hired an incident response team and attorney. Fortunately, we had cybersecurity insurance, so we were able to quickly file a claim. We then engaged Trimble Viewpoint to help move our Vista ERP to the cloud and to the connected Trimble Construction One suite of solutions. They jumped into action immediately, helping to move our data and getting everything set up so we could continue to work. All of our critical services were back up within a week.
We also set up multi-factor authentication on all critical accounts, including email. During these processes, the backups being held for ransom were recovered so we were able to ignore the ransom demands.
Snell: With the lack of available software, multiple departments had to utilize manual processes, which required extra time and resources. Throughout the three weeks of triage, we paid out insurance and betterment fees, hired an outside accounting firm to rebuild five months of data and hired an outside IT firm to rebuild more than 200 computers.
Snell: We’ve made several companywide adjustments. One of the biggest changes was moving 80% of our systems to the cloud. In hindsight, it’s something I wish we had done sooner.
Trusting our data to Trimble Viewpoint’s Vista in the cloud is an insurance policy in itself and mitigates a lot of risk. We now have peace of mind knowing that our data is more secure in the cloud with encrypted, user-level permission controls, multi-factor authentication and single sign-on.
Snell: Technology evolves so fast. You have to not only stay ahead of the competition, but stay ahead of threat actors. If anything, this was a sobering experience of understanding the threats, which are growing more severe by the day.
In addition to moving to the cloud, create a written disaster recovery plan and regularly review and test it. We conduct an annual in-depth review of our plan and run monthly and quarterly reviews and DR tests where we simulate all of our servers going down and restoring the backups.
Education is also key. Everyone in your company should be aware of the importance of data security and be on the lookout for threats when they open every email, visit every website and perform any action on their computing devices. Host training sessions and show employees exactly what they should look for to prevent an attack.
All high-security logins should require employees to verify their identities in more than one way with multi-factor authentication. Employees should use an entire phrase when creating a password and include spaces between a minimum of four words. Adding in characters, numbers and case-sensitive words will make it even more complicated and thus harder to crack.
Looking back at why we were targeted, it makes perfect sense that a construction company may not have the best security protocols in place but today, we do.
Is your company equipped with the right technology solutions to connect and protect your business and workflows when an attack occurs?
Trimble Viewpoint can help you modernize your operations and future-proof your organization by leveraging a cloud,-connected construction and business management suite of solutions, and a commitment to best-in-class data security. Reach out and connect with us today to learn more.
8 Minute Read
September 28, 2023
5 Minute Read
October 25, 2023
5 Minute Read
October 26, 2023